DETAILED ACTION



Priority 

1. For the record, the Examiner acknowledges that no priority claim has been made
in regards to this application. 



Information Disclosure Statement 

2. For the record, the Examiner acknowledges that no IDS has yet been
received with this application submitted on 10/09/2003.

Oath/Declaration 

3. For the record, the Examiner acknowledges that the Oath/Declaration submitted 
on 10/09/2003 has been received and considered. 

Drawings 

4. For the record, the Examiner acknowledges that the drawings submitted on 
10/09/2003 have been received and considered, however Figures 2 and 5 are objected 
to. 

The drawings are objected to because Figures 2 and 5 do not meet Office 
requirements with regards to quality and margin spacing. Corrected drawing sheets in 
compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid
abandonment of the application. Any amended replacement drawing sheet should
include all of the figures appearing on the immediate prior version of the sheet, even if
only one figure is being amended. The figure or figure number of an amended drawing 
should not be labeled as "amended." If a drawing figure is to be canceled, the 
appropriate figure must be removed from the replacement sheet, and where necessary, 
the remaining figures must be renumbered and appropriate changes made to the brief 
description of the several views of the drawings for consistency. Additional replacement 
sheets may be necessary to show the renumbering of the remaining figures. Each 
drawing sheet submitted after the filing date of an application must be labeled in the top 
margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If
the changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

Specification 

5. For the record, the Examiner acknowledges that the Specification submitted on 
10/09/2003 has been received and considered. 

6. Pursuant to USC 131, claims 1-26 are presented for examination. 

7. Claims 1-26 are pending. 

Claim Rejections - 35 USC § 102

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims are rejected under 35 U.S.C. 102(e) as being disclosed by Cheng et
al. (U.S. Patent No. 7,010,582 B1).

Regarding claim 1, Cheng et al., discloses a method of performing single sign-on
services for a network of trusted partner sites comprising: 

a) generating assertion information comprising identity information associated 
with a user that is authorized to sign on to said network, each of said network of 
trusted partner sites communicatively coupled together through a communication 
network (col. 2 lines 11-35); 

b) generating a plurality of artifacts that are associated with said assertion 
information (col. 1 lines 46-60); 

c) sending said plurality of artifacts to a group of trusted partner sites of said 
network in order to facilitate single sign-on capabilities of said network, wherein 
each of said artifacts allows access to said assertion information so that each of 
said group of trusted partner sites can individually authorize access by said user,
(col. 2 lines 55-67 and col. 3 lines 1-15). 

Regarding claim 2, Cheng et al., discloses the method as described in Claim 1,
wherein said a) further comprises: receiving a sign-on request from said user, 
retrieving said identity information associated with said user to authenticate said 
user and authorizing said user access to said network when said user is 
authenticated (col. 2 lines 11-35). 

Regarding claim 3, Cheng et al., discloses the method as described in Claim 1,
further comprising: 

d) receiving a first artifact of said plurality of artifacts through said communication 
network from a first trusted partner site, said group of trusted partner sites 
including said first trusted partner site (col. 3 lines 16-39); 

e) authenticating said first artifact to said first trusted partner site (col. 3 lines 16- 
39); and 

f) sending said assertion information to said first trusted partner site, 
transparently to said user, to enable said first trusted partner site to authenticate 
said user and authorize access to said first trusted partner site by said
user (col. 3 lines 40-67).

Regarding claim 4, Cheng et al., discloses the method as described in Claim 1,
further comprising:

d) receiving a first artifact of said plurality of artifacts through said communication 
network from a first trusted partner site not from said group of trusted partner 
sites, wherein said first trusted partner site received said first artifact from one of
said group of trusted partner sites (col. 3 lines 16-39);

e) authenticating said first artifact (col. 3 lines 16-39); 

f) authenticating said first artifact; and sending said assertion information to said 
first trusted partner site, transparently to said user, to enable said first trusted 
partner site to authenticate said user and authorize access to said first trusted 
partner site by said user (col. 3 lines 40-67). 

Regarding claim 5, Cheng et al., discloses the method as described in Claim 1,
further comprising: 

d) receiving other assertion information from a first trusted partner site of said 
network of trusted partner sites, said assertion information comprising data (col. 
2 lines 11-35); 

e) storing said other assertion information (col. 1 lines 30-36); 

f) generating another artifact associated with said other assertion information 
(col. 1 lines 46-60); and 

g) sending said another artifact to a second trusted partner site as directed by 
said first trusted partner site to facilitate a transfer of said data from said first 
trusted partner site to said second trusted partner site, wherein said another
artifact allows access to said other assertion information (col. 2 lines 55-67 and 
col. 3 lines 1-15). 

Regarding claim 7, Cheng et al., discloses the method as described in Claim 1,
wherein said a) further comprises: sending said plurality of artifacts to a first 
trusted partner site of said group of trusted partner sites as directed by said user 
(col. 2 lines 55-67 and col. 3 lines 1-15). 

Regarding claim 8, Cheng et al., discloses the method as described in Claim 1,
wherein said a) further comprises: sending said plurality of artifacts to a first 
trusted partner site of said group of trusted partner sites as directed by a second 
trusted partner site of said group of trusted partner site authorized access to said 
assertion information (col. 2 lines 55-67 and col. 3 lines 1-15). 

Regarding claim 9, Cheng et al., discloses the method as described in Claim 1,
wherein said c) further comprises: tagging each of said plurality of artifacts for 
use solely by a corresponding trusted partner site in said group of trusted partner 
sites (col. 9 lines 37-60). 



Regarding claim 10, Cheng et al., discloses the method as described in Claim 1,
further comprising: d) expiring a first artifact after use of said first artifact by a
trusted partner site to retrieve said assertion information (col. 6 lines 54-67 and
col. 7 lines 1-21). 

Regarding claim 11, Cheng et al. discloses the method of performing single
sign-on services for a network of trusted partner sites comprising: 

a) receiving a first artifact at a first trusted partner site from a central service 
provider, said central service provider providing single sign-on access to said
network of trusted partner sites, said first artifact associated with assertion 
information comprising identity information associated with a user, said user 
desiring access to said first trusted partner site, each of said network of trusted 
partner sites and said central service provider communicatively coupled through 
a communication network (col. 2 lines 11-35);

b) sending said first artifact to said central service provider over said 
communication network to retrieve said assertion information (col. 1 lines 46-60); 

c) receiving said assertion information from said central service provider at said 
first trusted partner site over said communication network (col. 2 lines 55-67 and 
col. 3 lines 1-15); and 

d) determining authorization for said user to access said first trusted partner site 
based on said assertion information (col. 3 lines 16-39). 



Regarding claim 12, Cheng et al., discloses the method as described in Claim 11,
further comprising: receiving a second artifact at a second trusted partner site
from said central service provider, said user desiring access to said second
trusted partner site, said second artifact associated with said assertion 
information, sending said second artifact to said central service provider over 
said communication network to retrieve said assertion information, receiving said 
assertion information from said central service provider at said second trusted 
partner site over said communication network and determining authorization for 
said user to access said second trusted partner site based on said assertion 
information (col. 4 lines 60-67 and col. 5 lines 1-15). 

Regarding claim 13, Cheng et al., discloses the method as described in Claim
11, wherein said central service provider previously authorizing said user to sign-
on to said network of trusted partner sites, said central service provider
generating and storing said assertion information (col. 2 lines 11-35). 

Regarding claim 14, Cheng et al., discloses the method as described in Claim
11, wherein said a) further comprises: said receiving said first artifact at said first
trusted partner site from said central service provider at a direction by a second 
trusted partner site authorized access to said assertion information (col. 2 lines 
11-35). 



Regarding claim 15, Cheng et al., discloses the method as described in Claim
11, further comprising sending said first artifact to a second trusted partner site to
facilitate access by said user to said second trusted partner site (col. 6 lines 49-
64). 

Regarding claim 17, Cheng et al. discloses the method as described in Claim 11,
further comprising: bypassing said b) and said c) by sending said first artifact to 
an assertion manager controlling access to said assertion information for internal 
access to said assertion information when said first trusted partner site is co- 
located with said central service provider on a web container; and 
f) receiving said assertion information from said assertion manager at said first 
trusted partner site (col. 5 lines 50-67 and col. 6 lines 1-2). 

Regarding claim 18, Cheng et al. discloses a processor; and
a computer readable memory coupled to said processor and containing program
instructions that, when executed, implement a method of performing single sign-on
services for a network of trusted partner sites comprising: generating assertion 
information comprising identity information associated with a user that is 
authorized to sign on to said network, each of said network of trusted partner 
sites communicatively coupled together through a communication network, 
generating a plurality of artifacts that are associated with said assertion 
information, sending said plurality of artifacts to a group of trusted partner sites of 
said network in order to facilitate single sign-on capabilities of said network, 
wherein each of said artifacts allows access to said assertion information so that 
each of said group of trusted partner sites can individually authorize access by
said user (Rejected under the same rationale as claim 1 and col. 4 lines 20-27). 

Regarding claim 19, Cheng et al. discloses the computer system as described in
Claim 18, wherein said a) in said method further comprises:
a1) receiving a sign-on request from said user, retrieving said identity information
associated with said user to authenticate said user and authorizing said user 
access to said network when said user is authenticated (Rejected under the 
same rationale as claim 2 and col. 4 lines 20-27). 

Regarding claim 20, Cheng et al., discloses the computer system as described in
Claim 18, wherein said method further comprises: d) receiving a first artifact of 
said plurality of artifacts through said communication from a first trusted partner 
site, said group of trusted partner sites including said first trusted partner site, e) 
authenticating said first artifact to said first trusted partner site; and 
f) sending said assertion information to said first trusted partner site, 
transparently to said user to enable said first trusted partner site to authenticate 
said user and authorize access to said first trusted partner site by said user 
(Rejected under the same rationale as claim 3 and col. 4 lines 20-27).



Regarding claim 21, Cheng et al., discloses the computer system as described in
Claim 18, wherein said method further comprises: receiving a first artifact of said
plurality of artifacts through said communication network from a first trusted
partner site not from said group of trusted partner sites, wherein said first trusted
partner site received said first artifact from one of said group of trusted partner
sites, authenticating said first artifact, authenticating said first artifact; and sending
said assertion information to said first trusted partner site, transparently to said 
user, to enable said first trusted partner site to authenticate said user and 
authorize access to said first trusted partner site by said user (Rejected under the 
same rationale as claim 4 and col. 4 lines 20-27). 



Regarding claim 22, Cheng et al., discloses the computer system as described in
Claim 18, wherein said method further comprises: receiving other assertion 
information from a first trusted partner site of said network of trusted partner 
sites, said assertion information comprising data, storing said other assertion 
information, generating another artifact associated with said other assertion 
information and sending said another artifact to a second trusted partner site as 
directed by said first trusted partner site to facilitate a transfer of said data from 
said first trusted partner site to said second trusted partner site, wherein said 
another artifact allows access to said other assertion information (Rejected under 
the same rationale as claim 5 and col. 4 lines 20-27). 



Regarding claim 24, Cheng et al., discloses a computer system as described in
Claim 18, wherein said a) in said method further comprises: sending said plurality
of artifacts to a first trusted partner site of said group of trusted partner sites as
directed by a second trusted partner site of said group of trusted partner site 
authorized access to said assertion information (Rejected under the same 
rationale as claim 1 and col. 4 lines 20-27). 



Regarding claim 25, Cheng et al. discloses the computer system as described in
Claim 18, wherein said c) in said method further comprises: tagging each of said 
plurality of artifacts for use solely by a corresponding trusted partner site in said 
group of trusted partner sites (Rejected under the same rationale as claim 9 and 
col. 4 lines 20-27). 

Regarding claim 26, Cheng et al. discloses the computer system as described in
Claim 18, wherein said method further comprises: expiring a first artifact after use 
of said first artifact by a trusted partner site to retrieve said assertion information 
(Rejected under the same rationale as claim 10 and col. 4 lines 20-27). 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 6, 16 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Cheng et al. and further in view of Botz et al. (US 2003/0177388 A1).

Cheng et al. is silent in disclosing the method as described in Claim 1, wherein
said assertion information and said plurality of artifacts substantially comply with 
a Security Assertions Markup Language (SAML) standard, and said network of 
trusted partner sites facilitates web browser single sign-on capabilities using 
interoperational protocols substantially complying with said SAML standard, 
however Botz et al. does disclose such a method (0066 of Botz et al.).

It would have been obvious for one of ordinary skill in the art, at the time of the
invention, to have been motivated to combine the system and method for
providing interactions between multiple servers and an end user with the
authentication identity translation within a multiple computing unit environment of
Botz et al. Cheng hints towards the possible benefit of such a combination in
the recitation of the need for a "some standard data format should be agreed 
upon to pass the information from site to site. Furthermore, preferably this 
passing of confidential information should be done in a secure fashion, by using 
some sort of cryptographic means for example (col. 11 lines 47-52)." Botz et al.
provides motivation for the combination in the description of, "the emerging web
services computing model, [in which] the various AIT logical processes e.g., 
Domain Controller and interface services could be implemented as published and 
subscribed to web accessible services. Likewise, ITTs and ITTRs could be stored
as published XML documents which could be further implemented using the 
Security Assertion Markup Language (SAML), which is a proposed standard." 
Clearly there is motivation and benefit to modify the invention of Cheng towards 
compliance with a technology, namely SAML which is a proposed standard. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chinwendu C. Okoronkwo whose telephone number is 
(571) 272 2662. The examiner can normally be reached on MWF 9:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 